antivirus:antivirus

Configure the ClamAV antivirus settings.

sentinel --task=antivirus:antivirus
Option Value Default Description
--PidFile <string> /run/clamd.scan/clamd.pid Save a process identifier of the listening daemon (main thread).
--TemporaryDirectory <string> /var/tmp Path to the global temporary directory.
--DatabaseDirectory <string> /var/lib/clamav Path to the database directory.
--OfficialDatabaseOnly <string> no Only load the official signatures published by the ClamAV project.
--LocalSocket <string> /run/clamd.scan/clamd.sock Path to a local socket file the daemon will listen on.
--LocalSocketGroup <string> virusgroup Sets the group ownership on the unix socket.
--LocalSocketMode <digit> 660 Sets the permissions on the unix socket to the specified mode.
--FixStaleSocket <yes|no> yes Remove stale socket after unclean shutdown.
--TCPSocket <string> The TCP port the daemon listens on.
--TCPAddr <string> The TCP address the daemon binds to.
--MaxConnectionQueueLength <digit> 200 Maximum length the queue of pending connections may grow to.
--StreamMaxLength <digit> 100M Close the connection when the data size limit is exceeded. The value should match your MTA's limit for a maximum attachment size.
--StreamMinPort <digit> 1024 Limit port range.
--StreamMaxPort <digit> 2048 Limit port range.
--MaxThreads <digit> 10 Maximum number of threads running at the same time.
--ReadTimeout <digit> 120 Waiting for data from a client socket will time out after this time. (seconds)
--CommandReadTimeout <digit> 30 The time after which the antivirus daemon should time out if a client does not provide any initial command after connecting. (seconds)
--SendBufTimeout <digit> 500 How long to wait if the send buffer is full. (milliseconds)
--MaxQueue <digit> 100 Maximum number of queued items (including those being processed by MaxThreads threads). It is recommended to have this value at least twice MaxThreads if possible.
--IdleTimeout <digit> 30 Waiting for a new job will timeout after this time. (seconds)
--ExcludePath <string1,string2> ^/proc/ ^/sys/ ^/var/hotcopy/ /usr/share/doc/clamav-*/test/ Do not scan files and directories matching this regex.
--ExcludePath_add <string> Add a single entry to ExcludePath.
--ExcludePath_del <string> Remove a single entry from ExcludePath.
--MaxDirectoryRecursion <digit> 15 Maximum depth directories are scanned at.
--FollowDirectorySymlinks <yes|no> no Follow directory symlinks.
--FollowFileSymlinks <yes|no> no Follow regular file symlinks.
--CrossFilesystems <yes|no> yes Scan files and directories on other filesystems.
--SelfCheck <digit> 3600 The interval (in seconds) to check the signature database directory for any changes then reload the signatures if any changes are detected.
--VirusEvent <yes|no> no Execute a command when a virus is found. In the command string %v will be replaced with the virus name.
--User <string> clamscan Run as another user (The antivirus daemon must be started by root).
--ExitOnOOM <yes|no> no Stop daemon when libclamav reports out of memory condition.
--Foreground <yes|no> no Do not fork into background.
--Debug <yes|no> no Enable debug messages in libclamav.
--LeaveTemporaryFiles <yes|no> no Do not remove temporary files (for debug purposes).
--AllowAllMatchScan <yes|no> yes Permit use of the ALLMATCHSCAN command.
--DetectPUA <yes|no> no Detect possibly unwanted applications.
--ExcludePUA <string1,string2> Exclude a specific possibly unwanted application category.
--ExcludePUA_add <string> Add a single entry to ExcludePUA.
--ExcludePUA_del <string> Remove a single entry from ExcludePUA.
--IncludePUA <string1,string2> Only include a specific possibly unwanted application category.
--IncludePUA_add <string> Add a single entry to IncludePUA.
--IncludePUA_del <string> Remove a single entry from IncludePUA.
--ForceToDisk <yes|no> no Force memory or nested map scans to dump the content to disk. More data is written to disk and is available when the LeaveTemporaryFiles option is enabled.
--DisableCache <yes|no> no Disable the caching feature of the engine. By default, the engine will store an MD5 in a cache of any files that are not flagged as virus or that hit limits checks. Disabling the cache will have a negative performance impact on large scans.
--LogFile <yes|no> /var/log/clamd.scan The log file must be writable for the user running the daemon. A full path is required.
--LogFileUnlock <string> no Disable log file locking.
--LogFileMaxSize <string> 1M Maximum size of the log file. A value of 0 disables the limit. You may use M/m for megabytes or K/k for kilobytes. To specify the size in bytes, do not use a modifier. If LogFileMaxSize is enabled, log rotation (the LogRotate option) will always be enabled.
--LogTime <yes|no> yes Log the time with each message.
--LogClean <yes|no> no Also log clean files. Useful in debugging but drastically increases the log size.
--LogSyslog <yes|no> yes Use the system logger. This can work together with LogFile.
--LogFacility <string> LOG_LOCAL6 Specify the type of syslog messages.
--LogVerbose <yes|no> no Enable verbose logging.
--LogRotate <yes|no> yes Enable log rotation. Always enabled when LogFileMaxSize is enabled.
--ExtendedDetectionInfo <yes|no> no Log additional information about the infected file, such as its size and hash, together with the virus name.
--ConcurrentDatabaseReload <yes|no> no Enable non-blocking (multi-threaded/concurrent) database reloads. This feature will temporarily load a second scanning engine while scanning continues using the first engine. Once loaded, the new engine takes over. The old engine is removed as soon as all scans using the old engine have completed. This feature requires more RAM, so this option is provided in case users are willing to block scans during reload in exchange for lower RAM requirements.
--default <yes> Reset all settings to their default values.
--default_option <option> Reset a specific setting to its default value.
--restart <yes> Restart the service after saving settings.

Examples

// enable the ConcurrentDatabaseReload
sentinel --task=antivirus:antivirus --ConcurrentDatabaseReload=1 --restart=yes

// reset the ConcurrentDatabaseReload back to its default value
sentinel --task=antivirus:antivirus --default_option=ConcurrentDatabaseReload --restart=yes

// reset all settings to their default values
sentinel --task=antivirus:antivirus --default=yes --restart=yes
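
Several options in the table constrain each other or have a required format: MaxQueue should be at least twice MaxThreads, LogFile needs a full path, LogFileMaxSize takes an M/m/K/k suffix, and StreamMinPort/StreamMaxPort describe a range. The following pre-flight check is an added example, not part of sentinel or of the original page; check_av_opts is a hypothetical helper name, and treating the MaxQueue recommendation as an error is an assumption.

```shell
# check_av_opts: hypothetical pre-flight helper (not part of sentinel).
# Usage: check_av_opts Name=value ...
# Prints the sentinel command on success; prints problems to stderr and
# returns 1 otherwise. Only the options named below are covered.
check_av_opts() {
    # Defaults as listed in the option table.
    MaxThreads=10; MaxQueue=100; StreamMinPort=1024; StreamMaxPort=2048
    LogFile=/var/log/clamd.scan; LogFileMaxSize=1M
    cmd="sentinel --task=antivirus:antivirus"; rc=0

    for kv in "$@"; do
        name=${kv%%=*}; value=${kv#*=}
        case $name in
            MaxThreads|MaxQueue|StreamMinPort|StreamMaxPort)
                case $value in
                    ''|*[!0-9]*|0?*)
                        echo "$name: expected a decimal number, got '$value'" >&2
                        return 1 ;;
                esac ;;
            LogFile|LogFileMaxSize) ;;
            *)  echo "$name: not covered by this check" >&2; return 1 ;;
        esac
        eval "$name=\$value"    # safe: $name is one of the names matched above
        cmd="$cmd --$name=$value"
    done

    # MaxQueue should be at least twice MaxThreads (an error here, by assumption).
    [ "$MaxQueue" -ge $((MaxThreads * 2)) ] ||
        { echo "MaxQueue=$MaxQueue is below 2 x MaxThreads=$MaxThreads" >&2; rc=1; }
    # StreamMinPort..StreamMaxPort must be a non-empty range of valid ports.
    [ "$StreamMinPort" -le "$StreamMaxPort" ] && [ "$StreamMaxPort" -le 65535 ] ||
        { echo "bad stream port range $StreamMinPort-$StreamMaxPort" >&2; rc=1; }
    # LogFile requires a full path.
    case $LogFile in /*) ;; *) echo "LogFile must be a full path" >&2; rc=1 ;; esac
    # LogFileMaxSize: plain bytes, or a number with an M/m/K/k suffix.
    case ${LogFileMaxSize%[MmKk]} in
        ''|*[!0-9]*) echo "LogFileMaxSize: bad size '$LogFileMaxSize'" >&2; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "$cmd --restart=yes"
    return "$rc"
}
```

Options that are not passed keep the defaults from the table, so raising MaxThreads alone to 60 is rejected because the default MaxQueue of 100 is below 120.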